Generating Keys for DKIM/DomainKeys with QMail

This is simple!

I installed Qmail Toaster and then did the following:

cd /var/qmail/control/domainkeys
mkdir [MY-DOMAIN-NAME.TLD]
cd [MY-DOMAIN-NAME.TLD]
dknewkey private >> public.txt
chmod 440 private
cd ..
chown -R root.vchkpw [MY-DOMAIN-NAME.TLD]

This gives you two things:

  1. A file called “private” that contains your private key for generating message hashes. Don’t give this out!
  2. A file called “public.txt” that contains the data to add to your DNS record.

Notes

The phrase “private” used above is actually what’s called the “selector” when it comes to DKIM or DomainKeys. Effectively, each domain can have multiple different public/private key pairs (each with their own ’selector’) that can be used to generate DKIM or DomainKeys message hashes.
Which one is actually used to sign depends on the configuration and setup of your sending mail server.
Receiving mail servers are told which public key to use via the ’s=’ section of the DKIM or DomainKeys header in the received mail.
To understand further, simply look at the contents of “public.txt”:

private._domainkey      IN      TXT     "k=rsa; p=MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAMNtJGxhM6rXJCc//y/LyzChfLaoqe4GXs9YkFtMV512i74eKtmvJtQ10mMNNFb8GQIDAQAB"

This tells us to create a DNS record of type TXT for the ’sub-domain’ private._domainkey (so this might be private._domainkey.phpsystems.co.uk) with the contents of that long string, but excluding the quote marks.
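Before publishing a record like this, it is worth checking how long the key actually is. The following is an added example, not part of the original post or of the Qmail Toaster tooling: it parses the public.txt line shown above, decodes the p= value (a base64 DER SubjectPublicKeyInfo) and reports the RSA modulus size. The function names and the 1024-bit floor (the minimum RFC 8301 requires of signers, with 2048 recommended) are choices made for this example.

```python
import base64
import re

# Record copied from the public.txt example on this page.
RECORD = 'private._domainkey      IN      TXT     "k=rsa; p=MEwwDQYJKoZIhvcNAQEBBQADOwAwOAIxAMNtJGxhM6rXJCc//y/LyzChfLaoqe4GXs9YkFtMV512i74eKtmvJtQ10mMNNFb8GQIDAQAB"'

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_bytes, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def parse_dkim_record(line):
    """Split a zone-file TXT line into (selector, dict of tag=value pairs)."""
    selector = line.split("._domainkey", 1)[0].strip()
    txt = "".join(re.findall(r'"([^"]*)"', line))   # long records may be split into several strings
    pairs = (t.strip().split("=", 1) for t in txt.split(";") if "=" in t)
    return selector, {k.strip(): v.strip() for k, v in pairs}

def rsa_key_info(p_value):
    """Return (modulus_bits, public_exponent) for a base64 SubjectPublicKeyInfo."""
    der = base64.b64decode(re.sub(r"\s+", "", p_value), validate=True)
    tag, spki, _ = read_tlv(der, 0)        # outer SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _, pos = read_tlv(spki, 0)          # AlgorithmIdentifier, skipped
    tag, bits, _ = read_tlv(spki, pos)     # BIT STRING wrapping the RSA key
    if tag != 0x03:
        raise ValueError("expected BIT STRING")
    _, rsa_seq, _ = read_tlv(bits[1:], 0)  # drop the unused-bits byte
    _, n, pos = read_tlv(rsa_seq, 0)       # modulus
    _, e, _ = read_tlv(rsa_seq, pos)       # public exponent
    return int.from_bytes(n, "big").bit_length(), int.from_bytes(e, "big")

def audit(line, minimum_bits=1024):
    """Summarise a DKIM/DomainKeys record and flag keys below minimum_bits."""
    selector, tags = parse_dkim_record(line)
    bits, exponent = rsa_key_info(tags["p"])
    return {"selector": selector, "bits": bits, "exponent": exponent, "ok": bits >= minimum_bits}

if __name__ == "__main__":
    print(audit(RECORD))
```

Run against the record above, it reports selector "private" with a 384-bit modulus, which is below that 1024-bit floor.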

Don’t think this post tells you all you need to know about configuring DKIM/DomainKeys. More coming soon.


Fresh start…

OK, so there’s nothing here.

Well I would like to pass my thanks to the *(*! that hacked VAServ recently (references below).

I’ll try to grab my articles back together and keep on top of things a little better this time round.

P

The Register